Live phishing tests have limited educational value. Here’s why IMMERSIVE phishing training is more SCALABLE than random employee shaming:

1. There are too many attack scenarios to simulate most of them in live tests

2. The immediate feedback is not a positive experience

3. What employees remember most is “being tricked”

4. Live tests don’t allow for context-based practice

5. Learning can’t be measured accurately

When there are many more attacker scenarios than opportunities to test employees, we’re in a losing battle. When the experience of passing or failing a phishing test doesn’t immediately reward employees for learning, they aren’t motivated to retain the knowledge.

Security awareness paradox

Join our next 5-Day Challenge to experience something completely unique

“The challenges were so quick I was able to do them in the time it took me to sip an espresso.” – IT Security Manager

When employees are tricked, they remember the shock, but not the skills they need to avoid a real attack. When only one chance to analyze a threat is provided, any learning can’t be reinforced. When scenarios change significantly in every test, there is no consistent baseline against which we can assess learning.

There is a place for live phishing tests – in quarterly auditing. But it should not be used for foundational training and assessment.

The scalable way to teach and assess employee phishing awareness skills

Immersive, gamified training allows for many scenarios to be experienced and practised much more frequently than live phishing tests. Gamification uses extrinsic and intrinsic rewards to motivate employees and provide less friction. It also has many other benefits for motivating employees and reducing friction.

To experience a much better learning environment for phishing awareness, you can request a free trial of Click Armor’s immersive, fully gamified platform.


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.

Cyber Security

Phishing Defense

Phishing threatens businesses and opens the door to ransomware. Fight phishing and spear phishing attacks with gamified learning.

Social Engineering Defense

Social engineering scams are a serious hazard to businesses. Fight back with Click Armor.

Cyber Security Awareness for Remote Workers

Home-based workers are vulnerable to cyber attacks. Build team immunity today.

Privacy and Compliance

PCI Compliance Awareness

When team members work in an environment where they may encounter cardholder data, they need to know what to do to protect it.

Gamified HIPAA Compliance Awareness

If your business is a supplier to a healthcare provider in the USA or Canada, your team needs to know what to do to protect Protected Health information (PHI).

Gamified Learning Platform

Active Awareness Platform

Experience the power of tailored gamified learning with Click Armor. Take your security awareness training to the next level.